Description

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

Remediation

References

CVE-2019-15043

Related Vulnerabilities

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-16862)

WordPress Plugin Clipta Video Informer Cross-Site Scripting (1.0)

WordPress Plugin WBW Currency Switcher for WooCommerce Cross-Site Scripting (1.6.5)

Moodle Insertion of Sensitive Information into Log File Vulnerability (CVE-2018-10889)

SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17311)

Severity

High

Classification

CVE-2019-15043 CWE-306 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities